Keyvault - UCG Proposal

Report for month 2

Initial goals for month 2

  • Get social recovery set up

Note: This is actually a simple-sounding goal that is a lot more involved. Big picture-wise, it required

  1. implementing (or finding a library I find trustable) the Shamir Secret Sharing algorithm (It is a threshold encryption scheme where, to recover the original secret, you require any k of n “shares.” For example, you might choose k=3 and n=5, so that any 3 of the 5 shares can be combined to give you back the original secret, but having only 1 or 2 of the shares does you no good.).

  2. implementing (or finding a library I find trustable) a public key, private key system so that messages containing the shares (see above) can be securely sent to those you trust.

  3. implementing a sort of address book so that anyone can easily get anyone else’s public keys (This is safe to do and intentional. You need the recipient’s public key so that you may encrypt a message that only the intended recipient can decrypt and read.).

Mindset and actual goals that I worked on in month 2

As I worked on development, I noticed that there were some things I had neglected, including the implementation of a fairly important algorithm for merging the credentials that are on-chain and the credentials that are in the keyvault extension.

This is “only” an issue if you create new credentials in keyvault in multiple devices/browsers and are not diligent in pushing the new creds on-chain. That said, it was a major oversight of mine and I felt I needed to fix it as soon as possible.

With that said, the actual goals I worked on this month:

  1. Figure out how to develop and test locally (as mentioned in the previous report, Hardhat’s localnet didn’t work out).

  2. Design and implement the merging algorithm I mentioned just above.

  3. Write tests and proofs to demonstrate the merging algorithm’s correctness.

  4. Update the keyvault Chrome/Brave extension to work on Firefox as well.

  5. (Sub-goal 1 from above) implementing (or finding a library I find trustable) Shamir Secret Sharing algorithm

  6. (Sub-goal 2 from above) implementing (or finding a library I find trustable) a public key, private key system so that messages can be easily encrypted and decrypted

  7. Move ASTR tokens into a new address and store the private key for that address into keyvault. This was the substitute for an audit that I decided on since audits turned out to be incredibly expensive and I don’t have that kind of money lying around. (See below)

Of the above, I managed (new) goals 1, 2, 3, 4, and 6, but partially 5 and 7.

Summary report on new goals

  1. (Done) Tested with Foundry’s Anvil and that worked. It only required a few tweaks. There are READMEs with details so that anyone who wishes to try out keyvault locally first can do so.

  2. (Done) The main issue was that keyvault uses a weird data structure (For security and privacy purposes, although keyvault nominally uses an array of objects as its main data structure, the data structure is actually a sort of mix between arrays and linked-lists). I’ll write a more detailed report on this within the next week or so and avoid going deeper here.

  3. (Done) Just wrote a number of tests and proofs for my understanding of their correctness. As with (2), I’ll write a more detailed report on this within the next week or so and avoid going deeper here.

  4. (Done / sorta) This turned out to be a pain in the ass, and the result is a Firefox add-on (an “extension” in Firefox’s lingo) that, currently, can only be installed on Firefox Developer Edition and not the mainstream version. For the mainstream version, only add-ons approved and signed by Mozilla are installable and I feel like I’m still updating keyvault too frequently for that at the moment.

  5. (partially done) I found an implementation by Parity (more info below) but have not yet made use of it in keyvault.

  6. (Done) I found a library, OpenPGP.js, maintained by Proton Mail that fits what keyvault needs perfectly. It has been incorporated into keyvault, but the UX is still not great.

  7. (partially done) I’ve created a new wallet and moved some ASTRs into it (~1,000 ASTRs so far) and stored the wallet’s private key into keyvault as a sort of alternative for an audit. I’ll move another 6,000 ASTRs into it in the next day or so, and make a public promise to give the successful attacker another 7,000 ASTRs upon them publicly demonstrating how the attack was done. I haven’t moved the tokens from the portal to my wallet yet. So, the total reward is 14,000 ASTRs, or 1,000 USD. There will be an end date. I’m thinking at least until December 2024 or so.

New libraries incorporated into keyvault

I had done a lot of searches into open-source implementations of end-to-end encryption schemes (such as Signal’s) and implementations of Shamir Secret Sharing (there was one implemented in Go by HashiCorp for their HashiCorp Vault, shamir.go).

To put some of your minds at ease, I was sure that the lower-level building blocks that I needed must have been built and tested already, and likely by some big names. What I wasn’t sure about was which exact building blocks I’d need and what the design of the larger system would look like. Hence, I was looking into what others had done to hopefully understand what issues they ran into and avoided.

Luckily, however, I eventually encountered 2 libraries that did exactly what I needed and were implemented in JavaScript by well-known, reputable organizations. So, my task simplified to one where I plug the two libraries into keyvault.

The 2 libraries are

  1. OpenPGP.js – This is a JavaScript implementation of OpenPGP. (OpenPGP is essentially the gold standard for securely encrypting and decrypting messages.) This project is maintained by Proton Mail (see Proton Mail now the maintainer of OpenPGPjs email encryption library | Proton).

  2. banana split – This is a JavaScript implementation of Shamir Secret Sharing plus a frontend. It’s not actually a library, so I just took the code and imported it into keyvault (see shamir.ts and shamir.test.ts). banana split is written by the developers at Parity, the main org behind the development and implementation of Polkadot.

Audit alternative

As I found out, audits are incredibly expensive. Too expensive for me to afford at the moment. Instead, I’m moving a bunch of the ASTRs I’m receiving from Astar’s UCG program into a new wallet and storing the wallet’s private key into keyvault.

The idea is that if someone can hack it, they can take the ASTR tokens and that’ll prove keyvault is unsafe. Then, once they explain how it was done publicly (so that keyvault can hopefully patch it), another portion is handed out.

To be fair, I don’t think this is quite fair since successfully hacking/decrypting the ciphertext for the account’s private keys means breaking a 256-bit AES-GCM encrypted ciphertext, a feat that’s worth a lot more. Nevertheless, this is what I can offer.

Transaction info

I think I’ve withdrawn a total of ~10,800 ASTRs from the Astar Portal since my last report. I’ll withdraw another ~13,000 ASTRs in the next few days. I’ll need to check the transactions for a better tally, but I’ll update this thread with the correct number once I figure it out.

Additional notes

I’ve come to realize I’ve grossly underestimated the amount of time and work keyvault will require. I will need to revise the timeline. I hope you understand.

I’ll update this thread with a new timeline as soon as I’ve figured it out myself.
